Client Enablement Services (CES) uses the Avaya SIP CA certificate on IBM HTTP Server (IHS) and a custom self-signed certificate on Handset Server (HSS). To prevent login failure for Avaya one-X® Mobile clients, you must install the CES CA certificate and create a TLS profile in the following order:

1. Install Avaya SIP CA or third-party certificate on the CES client.

2. If you want to use System Manager CA certificates on IHS/HSS, run scripts on CES. This step is optional if you use other certificates.

3. Extract the CES CA certificate.

4. Install the CES CA certificate.

5. Create a TLS client profile.

For information about putting an identity certificate on the CES server, see Implementing Avaya one-X® Client Enablement Services at https://support.avaya.com.